A new feature was enabled last week for premium VaultPress users: WordPress core file scanning. Since VaultPress knows which version of WordPress you’re running, as well as which files that version should include, VaultPress can monitor your files and let you know if something weird is going on (using MD5 checksum, a sort of digital fingerprint).
As Brian Colinger explains on the VaultPress blog:
On our initial scan of your site, we perform all three of these steps for each of the 750+ WordPress core files. This scan creates a baseline that we can compare against in future scans. If the MD5 checksum of a core file doesn’t match, we notify you through an alert in the security tab of your VaultPress dashboard. A variation in the checksum means that the file has been modified from the original version that came with your WordPress install.
If you weren’t the one who modified a file, it’s possible that your site has been hacked and malicious code injected. In that case, you can contact the VaultPress Safekeeper team from your dashboard and we’ll help you diagnose and correct the problem.
Colinger explains that future versions of the scanner will store a diff of file changes to show exactly what has been changed in each file. Malicious code detection will be in a future version as well.